{"url":"http://public2.vulnerablecode.io/api/packages/572280?format=json","purl":"pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9","type":"deb","namespace":"debian","name":"puppet","version":"2.6.2-5+squeeze9","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.5.10-4","latest_non_vulnerable_version":"5.5.10-4","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84374?format=json","vulnerability_id":"VCID-18aq-72zg-3uc9","summary":"puppet: Unsafe YAML deserialization","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2295.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2295","reference_id":"","reference_type":"","scores":[{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.8313","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.8334","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83298","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.8332","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83147","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83159","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83184","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83191","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83201","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83197","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83233","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83234","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83236","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83258","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83267","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01893","scoring_system":"epss","scoring_elements":"0.83275","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2295"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2295"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:C/I:C/A:C"},{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452651","reference_id":"1452651","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452651"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212","reference_id":"863212","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863212"},{"reference_url":"https://usn.ubuntu.com/3308-1/","reference_id":"USN-3308-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3308-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4804-1/","reference_id":"USN-USN-4804-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4804-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1048993?format=json","purl":"pkg:deb/debian/puppet@3.7.2-4%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1052089?format=json","purl":"pkg:deb/debian/puppet@4.8.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8xgm-pabz-hkeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5"}],"aliases":["CVE-2017-2295"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-18aq-72zg-3uc9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15833?format=json","vulnerability_id":"VCID-2jc8-n1j4-m7c6","summary":"Puppet Privilege Escallation\nThe change_user method in the SUIDManager (lib/puppet/util/suidmanager.rb) in Puppet 2.6.x before 2.6.14 and 2.7.x before 2.7.11, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x before 2.0.3 does not properly manage group privileges, which allows local users to gain privileges via vectors related to (1) the change_user not dropping supplementary groups in certain conditions, (2) changes to the eguid without associated changes to the egid, or (3) the addition of the real gid to supplementary groups.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1053.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1053","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13371","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13479","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13453","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13418","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13372","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13279","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13277","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13357","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13362","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13335","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13231","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13132","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13288","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13389","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13551","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13348","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1343","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1053"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1053"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/73445","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/73445"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/76d0749f0a9a496b70e7dc7e6d6d6ff692224e36"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.opensuse.org/opensuse-security-announce/2012-03/msg00003.html"},{"reference_url":"https://ubuntu.com/usn/usn-1372-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/usn/usn-1372-1"},{"reference_url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053"},{"reference_url":"https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513215447/http://projects.puppetlabs.com/issues/12458"},{"reference_url":"https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513215653/http://projects.puppetlabs.com/issues/12457"},{"reference_url":"https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513223437/http://projects.puppetlabs.com/issues/12459"},{"reference_url":"https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120527071855/http://www.securityfocus.com/bid/52158"},{"reference_url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.14"},{"reference_url":"https://www.debian.org/security/2012/dsa-2419","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2012/dsa-2419"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=791001","reference_id":"791001","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=791001"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1053","reference_id":"CVE-2012-1053","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1053"},{"reference_url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/","reference_id":"CVE-2012-1053","reference_type":"","scores":[],"url":"https://web.archive.org/web/20120504011717/http://puppetlabs.com/security/cve/cve-2012-1053/"},{"reference_url":"https://github.com/advisories/GHSA-77hg-g8cc-5r37","reference_id":"GHSA-77hg-g8cc-5r37","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-77hg-g8cc-5r37"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1372-1/","reference_id":"USN-1372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-1053","GHSA-77hg-g8cc-5r37"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2jc8-n1j4-m7c6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8452?format=json","vulnerability_id":"VCID-3kma-3ffw-8qd9","summary":"Improper Input Validation\nPuppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arbitrary code via a crafted REST API call.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-08/msg00019.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1283.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1283.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1284.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1284.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-3567.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3567","reference_id":"","reference_type":"","scores":[{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91147","published_at":"2026-05-09T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91073","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91098","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91097","published_at":"2026-04-18T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.911","published_at":"2026-04-21T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91114","published_at":"2026-04-24T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91111","published_at":"2026-04-26T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91107","published_at":"2026-04-29T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91121","published_at":"2026-05-05T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91135","published_at":"2026-05-07T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91023","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91028","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91037","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91046","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91058","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06459","scoring_system":"epss","scoring_elements":"0.91064","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-3567"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-3567"},{"reference_url":"http://secunia.com/advisories/54429","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/54429"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-3567.yml"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-3567","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppetlabs.com/security/cve/cve-2013-3567"},{"reference_url":"https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2013-3567-unauthenticated-remote-code-execution-vulnerability"},{"reference_url":"http://www.debian.org/security/2013/dsa-2715","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2715"},{"reference_url":"http://www.ubuntu.com/usn/USN-1886-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1886-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745","reference_id":"712745","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=712745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=974649","reference_id":"974649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=974649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3567","reference_id":"CVE-2013-3567","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-3567"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-3567/","reference_id":"CVE-2013-3567","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-3567/"},{"reference_url":"https://github.com/advisories/GHSA-f7p5-w2cr-7cp7","reference_id":"GHSA-f7p5-w2cr-7cp7","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7p5-w2cr-7cp7"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1283","reference_id":"RHSA-2013:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1284","reference_id":"RHSA-2013:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1284"},{"reference_url":"https://usn.ubuntu.com/1886-1/","reference_id":"USN-1886-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1886-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1048991?format=json","purl":"pkg:deb/debian/puppet@3.7.2-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4"}],"aliases":["CVE-2013-3567","GHSA-f7p5-w2cr-7cp7"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kma-3ffw-8qd9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44797?format=json","vulnerability_id":"VCID-3zzj-krc5-skea","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2275.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2275.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2275","reference_id":"","reference_type":"","scores":[{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59407","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59231","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59304","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59328","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59292","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59343","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59356","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59359","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59341","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59373","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.5938","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59361","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59338","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59358","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59301","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00378","scoring_system":"epss","scoring_elements":"0.59349","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2275"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2275"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-2275/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-2275/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58449","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58449"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919785","reference_id":"919785","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919785"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2275","reference_id":"CVE-2013-2275","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2275"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2013-2275"],"risk_score":1.8,"exploitability":"0.5","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3zzj-krc5-skea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8397?format=json","vulnerability_id":"VCID-5g6u-uvej-xbad","summary":"Moderate severity vulnerability that affects puppet\nUnspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby programs from the master via the resource_type service.  NOTE: this vulnerability can only be exploited utilizing unspecified \"local file system access\" to the Puppet Master.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2014-01/msg00009.html"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2013-4761","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2013-4761"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1283.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1283.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-1284.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://rhn.redhat.com/errata/RHSA-2013-1284.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4761.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4761","reference_id":"","reference_type":"","scores":[{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70175","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70087","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70067","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70119","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70127","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70102","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70144","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69972","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69984","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69999","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.69975","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70024","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.7004","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70048","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70035","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0062","scoring_system":"epss","scoring_elements":"0.70078","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-4761.yml"},{"reference_url":"https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2013-4761-resourcetype-remote-code-execution-vulnerability"},{"reference_url":"http://www.debian.org/security/2013/dsa-2761","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2761"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=996856","reference_id":"996856","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=996856"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2013-4761/","reference_id":"CVE-2013-4761","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2013-4761/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4761","reference_id":"CVE-2013-4761","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4761"},{"reference_url":"https://github.com/advisories/GHSA-cj43-9h3w-v976","reference_id":"GHSA-cj43-9h3w-v976","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-cj43-9h3w-v976"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1283","reference_id":"RHSA-2013:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1284","reference_id":"RHSA-2013:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1284"},{"reference_url":"https://usn.ubuntu.com/1928-1/","reference_id":"USN-1928-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1928-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1048991?format=json","purl":"pkg:deb/debian/puppet@3.7.2-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4"}],"aliases":["CVE-2013-4761","GHSA-cj43-9h3w-v976"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5g6u-uvej-xbad"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47723?format=json","vulnerability_id":"VCID-72s2-y7m6-kuf6","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which might allow local attackers to gain escalated privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1054.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1054","reference_id":"","reference_type":"","scores":[{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21599","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21826","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21579","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21656","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21713","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21724","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21685","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21628","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21627","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21634","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21602","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21454","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21448","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21436","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21341","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21409","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00071","scoring_system":"epss","scoring_elements":"0.21494","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1054"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1054"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=791002","reference_id":"791002","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=791002"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1372-1/","reference_id":"USN-1372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-1054"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-72s2-y7m6-kuf6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44808?format=json","vulnerability_id":"VCID-73uh-2gkm-6kgy","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4956.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4956","reference_id":"","reference_type":"","scores":[{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29083","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29157","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29207","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29018","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29082","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29124","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2913","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29085","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29034","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29062","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29039","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28993","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28873","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2876","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2869","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28538","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.28599","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.2862","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4956"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4761"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4956"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=996855","reference_id":"996855","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=996855"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1283","reference_id":"RHSA-2013:1283","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1283"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:1284","reference_id":"RHSA-2013:1284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:1284"},{"reference_url":"https://usn.ubuntu.com/1928-1/","reference_id":"USN-1928-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1928-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1048991?format=json","purl":"pkg:deb/debian/puppet@3.7.2-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4"}],"aliases":["CVE-2013-4956"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-73uh-2gkm-6kgy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8391?format=json","vulnerability_id":"VCID-75gs-2gu3-6udx","summary":"Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')\nDirectory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. (dot dot) in a node name.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3865","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-3865"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3865.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3865","reference_id":"","reference_type":"","scores":[{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78807","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78787","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.7877","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78763","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78734","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78738","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.7874","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78845","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.7883","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78719","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78705","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78679","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78712","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.78737","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0215","scoring_system":"epss","scoring_elements":"0.84205","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0215","scoring_system":"epss","scoring_elements":"0.84174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0215","scoring_system":"epss","scoring_elements":"0.84187","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3865"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839131","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839131"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3865"},{"reference_url":"http://secunia.com/advisories/50014","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50014"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/554eefc55f57ed2b76e5ee04d8f194d36f6ee67f"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/d80478208d79a3e6d6cb1fbc525e24817fe8c4c6"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/CVE-2012-3865.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3865.yml"},{"reference_url":"https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/overview-cve-2012-3865-arbitrary-file-delete/dos-puppet-master"},{"reference_url":"http://www.debian.org/security/2012/dsa-2511","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2511"},{"reference_url":"http://www.ubuntu.com/usn/USN-1506-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1506-1"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3865/","reference_id":"CVE-2012-3865","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-3865/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3865","reference_id":"CVE-2012-3865","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3865"},{"reference_url":"https://github.com/advisories/GHSA-g89m-3wjw-h857","reference_id":"GHSA-g89m-3wjw-h857","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-g89m-3wjw-h857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1506-1/","reference_id":"USN-1506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1506-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-3865","GHSA-g89m-3wjw-h857"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-75gs-2gu3-6udx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44778?format=json","vulnerability_id":"VCID-7jtp-a1nw-bqfs","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1640.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1640","reference_id":"","reference_type":"","scores":[{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83589","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83389","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83402","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83416","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83415","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.8344","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.8345","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83464","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83458","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83453","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83489","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.8349","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83492","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83515","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83521","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83524","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.83548","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01948","scoring_system":"epss","scoring_elements":"0.8357","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1640"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1640"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1640/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1640/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919783","reference_id":"919783","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919783"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1640","reference_id":"CVE-2013-1640","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1640"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2013-1640"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7jtp-a1nw-bqfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8394?format=json","vulnerability_id":"VCID-7ypq-wmb7-quhc","summary":"Moderate severity vulnerability that affects facter, hiera, mcollective-client, and puppet\nUntrusted search path vulnerability in Puppet Enterprise 2.8 before 2.8.7, Puppet before 2.7.26 and 3.x before 3.6.2, Facter 1.6.x and 2.x before 2.0.2, Hiera before 1.3.4, and Mcollective before 2.5.2, when running with Ruby 1.9.1 or earlier, allows local users to gain privileges via a Trojan horse file in the current working directory, as demonstrated using (1) rubygems/defaults/operating_system.rb, (2) Win32API.rb, (3) Win32API.so, (4) safe_yaml.rb, (5) safe_yaml/deep.rb, or (6) safe_yaml/deep.so; or (7) operatingsystem.rb, (8) operatingsystem.so, (9) osfamily.rb, or (10) osfamily.so in puppet/confine.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3248.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3248","reference_id":"","reference_type":"","scores":[{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22261","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22432","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22182","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22103","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22206","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22213","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22227","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22379","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00074","scoring_system":"epss","scoring_elements":"0.22429","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37312","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37243","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37409","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37433","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37261","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37325","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37336","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37302","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00164","scoring_system":"epss","scoring_elements":"0.37274","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3248"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3248"},{"reference_url":"http://secunia.com/advisories/59197","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59197"},{"reference_url":"http://secunia.com/advisories/59200","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/59200"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/facter/CVE-2014-3248.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/hiera/CVE-2014-3248.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/mcollective-client/CVE-2014-3248.yml"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2014-3248.yml"},{"reference_url":"https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20141129061319/http://www.securityfocus.com/bid/68035"},{"reference_url":"https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet"},{"reference_url":"https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20150907182402/http://puppetlabs.com/security/cve/cve-2014-3248"},{"reference_url":"http://www.securityfocus.com/bid/68035","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/68035"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1101346","reference_id":"1101346","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1101346"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.0:rc4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:facter:2.0.1:rc4:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:hiera:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:facter:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:marionette_collective:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:*:*:*:*:*:*:*:*"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2014-3248","reference_id":"CVE-2014-3248","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2014-3248"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3248","reference_id":"CVE-2014-3248","reference_type":"","scores":[{"value":"6.2","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:N/C:C/I:C/A:C"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3248"},{"reference_url":"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/","reference_id":"CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET","reference_type":"","scores":[],"url":"http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"},{"reference_url":"https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/","reference_id":"CVE-2014-3248-A-LITTLE-PROBLEM-WITH-PUPPET","reference_type":"","scores":[],"url":"https://web.archive.org/web/20150204183209/http://rowediness.com/2014/06/13/cve-2014-3248-a-little-problem-with-puppet/"},{"reference_url":"https://github.com/advisories/GHSA-92v7-pq4h-58j5","reference_id":"GHSA-92v7-pq4h-58j5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-92v7-pq4h-58j5"},{"reference_url":"https://security.gentoo.org/glsa/201412-15","reference_id":"GLSA-201412-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-15"},{"reference_url":"https://security.gentoo.org/glsa/201412-45","reference_id":"GLSA-201412-45","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-45"},{"reference_url":"https://usn.ubuntu.com/3308-1/","reference_id":"USN-3308-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3308-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1048991?format=json","purl":"pkg:deb/debian/puppet@3.7.2-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4"}],"aliases":["CVE-2014-3248","GHSA-92v7-pq4h-58j5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7ypq-wmb7-quhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14779?format=json","vulnerability_id":"VCID-8xgm-pabz-hkeg","summary":"Improper Privilege Management\nIn previous versions of Puppet Agent it was possible to install a module with world writable permissions. Puppet Agent 5.3.4 and 1.10.10 included a fix to this vulnerability.","references":[{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2927","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2018:2927"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json","reference_id":"","reference_type":"","scores":[{"value":"2.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-10689.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10689","reference_id":"","reference_type":"","scores":[{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25465","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25575","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25625","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25634","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25689","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25714","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25732","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25728","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25786","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25828","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25819","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2577","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25699","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2593","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25887","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.25827","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2559","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00092","scoring_system":"epss","scoring_elements":"0.2553","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-10689"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10689"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/17d9e02da3882e44c1876e2805cf9708481715ee"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/2f1047f85e22cde139a421bc25d371f2ffc92cb1"},{"reference_url":"https://tickets.puppetlabs.com/browse/PUP-7866","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tickets.puppetlabs.com/browse/PUP-7866"},{"reference_url":"https://usn.ubuntu.com/3567-1","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/3567-1"},{"reference_url":"https://usn.ubuntu.com/3567-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3567-1/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542850","reference_id":"1542850","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1542850"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412","reference_id":"890412","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890412"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10689","reference_id":"CVE-2017-10689","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-10689"},{"reference_url":"https://puppet.com/security/cve/CVE-2017-10689","reference_id":"CVE-2017-10689","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/CVE-2017-10689"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml","reference_id":"CVE-2017-10689.YML","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2017-10689.yml"},{"reference_url":"https://github.com/advisories/GHSA-vw22-465p-8j5w","reference_id":"GHSA-vw22-465p-8j5w","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vw22-465p-8j5w"},{"reference_url":"https://usn.ubuntu.com/USN-4804-1/","reference_id":"USN-USN-4804-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4804-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052090?format=json","purl":"pkg:deb/debian/puppet@5.5.10-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@5.5.10-4"}],"aliases":["CVE-2017-10689","GHSA-vw22-465p-8j5w"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8xgm-pabz-hkeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15788?format=json","vulnerability_id":"VCID-a7cn-eqbq-qyb1","summary":"Puppet uses predictable filenames, allowing arbitrary file overwrite\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files.","references":[{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3871.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3871","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12801","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12907","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12939","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12915","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12817","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12958","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1305","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12814","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13102","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12904","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12983","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13035","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12913","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12996","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12931","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1286","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12711","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3871"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/343c7bd381b63e042d437111718918f951d9b30d"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/d76c30935460ded953792dfe49f72b8c5158e899"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3871.yml"},{"reference_url":"http://www.debian.org/security/2011/dsa-2314","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2314"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=742649","reference_id":"742649","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=742649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3871","reference_id":"CVE-2011-3871","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3871"},{"reference_url":"https://puppet.com/security/cve/cve-2011-3871","reference_id":"CVE-2011-3871","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2011-3871"},{"reference_url":"https://github.com/advisories/GHSA-mpmx-gm5v-q789","reference_id":"GHSA-mpmx-gm5v-q789","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-mpmx-gm5v-q789"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1223-1/","reference_id":"USN-1223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2011-3871","GHSA-mpmx-gm5v-q789"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-a7cn-eqbq-qyb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8424?format=json","vulnerability_id":"VCID-b94j-dcjk-eqeu","summary":"Improper Authentication\nlib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.","references":[{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3408","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-3408"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3408.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3408.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3408","reference_id":"","reference_type":"","scores":[{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49088","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49158","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49156","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49124","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49122","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49079","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.48997","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.4906","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49049","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49083","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49111","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49065","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49119","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49116","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49133","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49107","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00257","scoring_system":"epss","scoring_elements":"0.49113","published_at":"2026-04-24T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3408"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839166","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839166"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3408","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3408"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/ab9150baa1b738467a33b01df1d90e076253fbbd"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3408.yml"},{"reference_url":"https://www.puppet.com/security/cve/cve-2012-3408-agent-impersonation","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2012-3408-agent-impersonation"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3408/","reference_id":"CVE-2012-3408","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-3408/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3408","reference_id":"CVE-2012-3408","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3408"},{"reference_url":"https://github.com/advisories/GHSA-vxf6-w9mp-95hm","reference_id":"GHSA-vxf6-w9mp-95hm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vxf6-w9mp-95hm"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-3408","GHSA-vxf6-w9mp-95hm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b94j-dcjk-eqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92918?format=json","vulnerability_id":"VCID-bt3p-h1js-53gg","summary":"Versions of Puppet Agent prior to 1.6.0 included a version of the Puppet Execution Protocol (PXP) agent that passed environment variables through to Puppet runs. This could allow unauthorized code to be loaded. This bug was first introduced in Puppet Agent 1.3.0.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5713","reference_id":"","reference_type":"","scores":[{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78377","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78361","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78185","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78194","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78224","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78206","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78232","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78238","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78264","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78247","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78242","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78274","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78271","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78268","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78301","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78307","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78323","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78336","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5713"},{"reference_url":"https://puppet.com/security/cve/cve-2016-5713","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/cve-2016-5713"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5713","reference_id":"CVE-2016-5713","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5713"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052088?format=json","purl":"pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-8xgm-pabz-hkeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5~bpo8%252B1"}],"aliases":["CVE-2016-5713"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bt3p-h1js-53gg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47721?format=json","vulnerability_id":"VCID-fdk4-8wtn-nqct","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which might allow local attackers to gain escalated privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3848.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3848.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3848","reference_id":"","reference_type":"","scores":[{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62653","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62711","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62742","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62706","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62758","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62775","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62793","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62783","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.6276","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62801","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62808","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62789","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62809","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62826","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62824","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62777","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00433","scoring_system":"epss","scoring_elements":"0.62877","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3848"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3848","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3848"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=742174","reference_id":"742174","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=742174"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1217-1/","reference_id":"USN-1217-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1217-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2011-3848"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fdk4-8wtn-nqct"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/55668?format=json","vulnerability_id":"VCID-fjbx-bqnn-2bf3","summary":"insecure temporary files","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-4969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4969","reference_id":"","reference_type":"","scores":[{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11414","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11408","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11536","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11591","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1138","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11464","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11523","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11533","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11499","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11469","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1133","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11455","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11407","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11365","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.1129","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11221","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00038","scoring_system":"epss","scoring_elements":"0.11355","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4969"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1045212","reference_id":"1045212","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1045212"},{"reference_url":"https://usn.ubuntu.com/2077-1/","reference_id":"USN-2077-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2077-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1048991?format=json","purl":"pkg:deb/debian/puppet@3.7.2-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4"}],"aliases":["CVE-2013-4969"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fjbx-bqnn-2bf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15790?format=json","vulnerability_id":"VCID-h88b-abes-3bgr","summary":"Puppet Denial of Service and Arbitrary File Write\nUnspecified vulnerability in Puppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys to (1) cause a denial of service (memory consumption) via a REST request to a stream that triggers a thread block, as demonstrated using CVE-2012-1986 and /dev/random; or (2) cause a denial of service (filesystem consumption) via crafted REST requests that use \"a marshaled form of a Puppet::FileBucket::File object\" to write to arbitrary file locations.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1987.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1987","reference_id":"","reference_type":"","scores":[{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73531","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73351","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.7336","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73384","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73355","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73392","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73406","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73429","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73409","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73401","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73443","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73451","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73445","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73479","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73491","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73488","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73482","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00763","scoring_system":"epss","scoring_elements":"0.73507","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1987"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1987"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74794","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74794"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1987.yml"},{"reference_url":"https://hermes.opensuse.org/messages/14523305","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/14523305"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513213318/http://projects.puppetlabs.com/issues/13553"},{"reference_url":"https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513224202/http://projects.puppetlabs.com/issues/13552"},{"reference_url":"https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121005145241/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15"},{"reference_url":"https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987"},{"reference_url":"http://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1419-1"},{"reference_url":"http://www.debian.org/security/2012/dsa-2451","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=810070","reference_id":"810070","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=810070"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1987","reference_id":"CVE-2012-1987","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1987"},{"reference_url":"https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/","reference_id":"CVE-2012-1987","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160808163232/https://puppet.com/security/cve/cve-2012-1987/"},{"reference_url":"https://github.com/advisories/GHSA-v58w-6xc2-w799","reference_id":"GHSA-v58w-6xc2-w799","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-v58w-6xc2-w799"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-1987","GHSA-v58w-6xc2-w799"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h88b-abes-3bgr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15709?format=json","vulnerability_id":"VCID-jhkk-5euf-uked","summary":"Improper Link Resolution Before File Access ('Link Following')\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file.","references":[{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3869.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3869","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12764","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.128","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1278","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12678","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12671","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12803","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12901","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12768","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12754","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12834","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12885","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12813","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12698","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12563","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12656","published_at":"2026-04-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3869"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3869"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/2775c21ae48e189950dbea5e7b4d1d9fa2aca41c"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/7d4c169df84fc7bbeb2941bf995a63470f71bdbd"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3869.yml"},{"reference_url":"http://www.debian.org/security/2011/dsa-2314","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2314"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=742645","reference_id":"742645","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=742645"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3869","reference_id":"CVE-2011-3869","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3869"},{"reference_url":"https://puppet.com/security/cve/cve-2011-3869","reference_id":"CVE-2011-3869","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2011-3869"},{"reference_url":"https://github.com/advisories/GHSA-8c56-v25w-f89c","reference_id":"GHSA-8c56-v25w-f89c","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8c56-v25w-f89c"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1223-1/","reference_id":"USN-1223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2011-3869","GHSA-8c56-v25w-f89c"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jhkk-5euf-uked"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/86260?format=json","vulnerability_id":"VCID-kkve-dj7r-gue1","summary":"puppet: certificates could be honored even when revoked","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3250.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3250.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3250","reference_id":"","reference_type":"","scores":[{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49203","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49175","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.4917","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49229","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49181","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49235","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49232","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49249","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49222","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49228","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49273","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49271","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49241","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49238","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49196","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00259","scoring_system":"epss","scoring_elements":"0.49112","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3250"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3250"},{"reference_url":"https://puppet.com/security/cve/CVE-2014-3250","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/CVE-2014-3250"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1101347","reference_id":"1101347","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1101347"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:linux:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3250","reference_id":"CVE-2014-3250","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3250"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1048991?format=json","purl":"pkg:deb/debian/puppet@3.7.2-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@3.7.2-4"}],"aliases":["CVE-2014-3250"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kkve-dj7r-gue1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15407?format=json","vulnerability_id":"VCID-kt2h-k72f-tqc7","summary":"Improper Neutralization of Special Elements used in a Command ('Command Injection')\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows remote authenticated users with agent SSL keys and file-creation permissions on the puppet master to execute arbitrary commands by creating a file whose full pathname contains shell metacharacters, then performing a filebucket request.","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079227.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079289.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080003.html"},{"reference_url":"http://projects.puppetlabs.com/issues/13518","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/issues/13518"},{"reference_url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1988","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-1988"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1988","reference_id":"","reference_type":"","scores":[{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65779","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65568","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65616","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65646","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65664","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65676","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65696","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65682","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65653","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65688","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65701","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65684","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65699","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.6571","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65709","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65685","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00492","scoring_system":"epss","scoring_elements":"0.65734","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1988"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74796","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74796"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/0d6d29933e613fe177e9235415919a5428db67bc"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/568ded50ec6cc498ad32ff7f086d9f73b5d24c14"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1988.yml"},{"reference_url":"https://hermes.opensuse.org/messages/14523305","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/14523305"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120513213112/http://projects.puppetlabs.com/issues/13518"},{"reference_url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120816020421/http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.6.15"},{"reference_url":"https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988"},{"reference_url":"https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121025112409/http://secunia.com/advisories/48789"},{"reference_url":"https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121025113446/http://secunia.com/advisories/48748"},{"reference_url":"https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121025194830/http://secunia.com/advisories/49136"},{"reference_url":"https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121025194938/http://secunia.com/advisories/48743"},{"reference_url":"https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20121031092646/http://www.securityfocus.com/bid/52975"},{"reference_url":"http://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1419-1"},{"reference_url":"http://www.debian.org/security/2012/dsa-2451","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=810071","reference_id":"810071","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=810071"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1988/","reference_id":"CVE-2012-1988","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-1988/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1988","reference_id":"CVE-2012-1988","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1988"},{"reference_url":"https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/","reference_id":"CVE-2012-1988","reference_type":"","scores":[],"url":"https://web.archive.org/web/20121013181707/http://puppetlabs.com/security/cve/cve-2012-1988/"},{"reference_url":"https://github.com/advisories/GHSA-6xxq-j39w-g3f6","reference_id":"GHSA-6xxq-j39w-g3f6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-6xxq-j39w-g3f6"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-1988","GHSA-6xxq-j39w-g3f6"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kt2h-k72f-tqc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44785?format=json","vulnerability_id":"VCID-nf2h-5vd2-6kb1","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1653","reference_id":"","reference_type":"","scores":[{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83658","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83457","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83469","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83484","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83482","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83507","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83516","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83531","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83525","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83521","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83556","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83557","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83558","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83582","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83589","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83594","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83618","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01966","scoring_system":"epss","scoring_elements":"0.83639","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1653"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1653"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1653/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1653/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58446","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58446"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.0:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.1:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.0:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.1:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.2:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.3:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.4:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.5:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:1.2.6:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1653","reference_id":"CVE-2013-1653","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:C/I:C/A:C"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1653"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2013-1653"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nf2h-5vd2-6kb1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8438?format=json","vulnerability_id":"VCID-pdpa-qfpq-zkcq","summary":"Improper Input Validation\nPuppet 2.7.x before 2.7.21 and 3.1.x before 3.1.1, when running Ruby 1.9.3 or later, allows remote attackers to execute arbitrary code via vectors related to \"serialized attributes.\"","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1655","reference_id":"","reference_type":"","scores":[{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70515","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70391","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70376","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70419","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70428","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70409","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.7046","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70468","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70469","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70444","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70483","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70315","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70344","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70367","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70382","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00634","scoring_system":"epss","scoring_elements":"0.70406","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1655"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1655"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2013-1655.yml"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1655","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppetlabs.com/security/cve/cve-2013-1655"},{"reference_url":"https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20200228144801/http://www.securityfocus.com/bid/58442"},{"reference_url":"https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2013-1655-unauthenticated-remote-code-execution-vulnerability"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58442","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58442"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p0:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p125:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p194:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p286:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:1.9.3:p383:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ruby-lang:ruby:2.0.0:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1655","reference_id":"CVE-2013-1655","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1655"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1655/","reference_id":"CVE-2013-1655","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1655/"},{"reference_url":"https://github.com/advisories/GHSA-574q-fxfj-wv6h","reference_id":"GHSA-574q-fxfj-wv6h","reference_type":"","scores":[{"value":"HIGH","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-574q-fxfj-wv6h"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2013-1655","GHSA-574q-fxfj-wv6h"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pdpa-qfpq-zkcq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8447?format=json","vulnerability_id":"VCID-pgg8-9sk2-57ee","summary":"Low severity vulnerability that affects puppet\ntelnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise (PE) 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log (/tmp/out.log).","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-05/msg00012.html"},{"reference_url":"http://projects.puppetlabs.com/issues/13606","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/issues/13606"},{"reference_url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/projects/1/wiki/Release_Notes#2.7.13"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1989","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-1989"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1989.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1989","reference_id":"","reference_type":"","scores":[{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18129","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18181","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18193","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18221","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18131","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18114","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18076","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.17935","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18026","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18282","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18433","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18487","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18196","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.1828","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18335","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00058","scoring_system":"epss","scoring_elements":"0.18287","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1989"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1989"},{"reference_url":"http://secunia.com/advisories/48743","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/48743"},{"reference_url":"http://secunia.com/advisories/48748","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/48748"},{"reference_url":"http://secunia.com/advisories/49136","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49136"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74797","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74797"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1989.yml"},{"reference_url":"https://hermes.opensuse.org/messages/15087408","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://hermes.opensuse.org/messages/15087408"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2012-1989-arbitrary-file-write-access"},{"reference_url":"http://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-1419-1"},{"reference_url":"http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/52975"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=837339","reference_id":"837339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=837339"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1989/","reference_id":"CVE-2012-1989","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-1989/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1989","reference_id":"CVE-2012-1989","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1989"},{"reference_url":"https://github.com/advisories/GHSA-c5qq-g673-5p49","reference_id":"GHSA-c5qq-g673-5p49","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c5qq-g673-5p49"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-1989","GHSA-c5qq-g673-5p49"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgg8-9sk2-57ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44794?format=json","vulnerability_id":"VCID-rfcx-7kc9-mbcr","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2274.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-2274.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2274","reference_id":"","reference_type":"","scores":[{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.8314","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82933","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82949","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82961","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82959","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82983","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82991","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83007","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.82996","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83035","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83037","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.8306","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83068","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83075","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83098","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01851","scoring_system":"epss","scoring_elements":"0.83119","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2274"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-2274/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-2274/"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58447","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58447"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919773","reference_id":"919773","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919773"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.6.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.6.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:1.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2274","reference_id":"CVE-2013-2274","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2274"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2013-2274"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfcx-7kc9-mbcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/87047?format=json","vulnerability_id":"VCID-rrky-upea-nfd4","summary":"puppet: authenticated clients allowed to read arbitrary files from the puppet master","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3864.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3864","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54466","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54542","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54565","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54534","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54586","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5458","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54592","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54574","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54553","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5459","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54569","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54533","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54548","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54527","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54476","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54519","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54572","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3864"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3864"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839130","reference_id":"839130","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1506-1/","reference_id":"USN-1506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1506-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-3864"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rrky-upea-nfd4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44782?format=json","vulnerability_id":"VCID-sweb-hbec-k3ha","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1652.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1652.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1652","reference_id":"","reference_type":"","scores":[{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.605","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60288","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60364","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60391","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60359","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60407","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60424","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60444","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60431","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60411","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60452","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.6046","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60451","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60434","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60449","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60437","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60395","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00396","scoring_system":"epss","scoring_elements":"0.60442","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1652"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1652"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1652/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1652/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/58443","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/58443"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919784","reference_id":"919784","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919784"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:*:*:*:*:enterprise:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1652","reference_id":"CVE-2013-1652","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1652"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2013-1652"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sweb-hbec-k3ha"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15405?format=json","vulnerability_id":"VCID-tetf-xa1u-uffv","summary":"Puppet uses predictable filenames, allowing arbitrary file overwrite\nPuppet 2.6.x before 2.6.15 and 2.7.x before 2.7.13, and Puppet Enterprise (PE) Users 1.0, 1.1, 1.2.x, 2.0.x, and 2.5.x before 2.5.1 uses predictable file names when installing Mac OS X packages from a remote source, which allows local users to overwrite arbitrary files or install arbitrary packages via a symlink attack on a temporary file in /tmp.","references":[{"reference_url":"http://projects.puppetlabs.com/issues/13260","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://projects.puppetlabs.com/issues/13260"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1906","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-1906"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1906.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1906","reference_id":"","reference_type":"","scores":[{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19639","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1972","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19722","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19734","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19628","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19615","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.1958","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19463","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19553","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19785","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19931","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19986","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19712","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19792","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19844","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19847","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19802","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00063","scoring_system":"epss","scoring_elements":"0.19745","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1906"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1906"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74793","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/74793"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/f7829ec1f1b2c3def8e0eda09c22c3c1fed3a27f"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-1906.yml"},{"reference_url":"https://ubuntu.com/usn/usn-1419-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://ubuntu.com/usn/usn-1419-1"},{"reference_url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20120415105345/http://www.securityfocus.com/bid/52975"},{"reference_url":"https://www.debian.org/security/2012/dsa-2451","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2012/dsa-2451"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236311","reference_id":"2236311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2236311"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-1906/","reference_id":"CVE-2012-1906","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-1906/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1906","reference_id":"CVE-2012-1906","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1906"},{"reference_url":"https://github.com/advisories/GHSA-c4mc-49hq-q275","reference_id":"GHSA-c4mc-49hq-q275","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4mc-49hq-q275"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-1906","GHSA-c4mc-49hq-q275"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tetf-xa1u-uffv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15493?format=json","vulnerability_id":"VCID-txx3-3fzg-33cp","summary":"Improper Link Resolution Before File Access ('Link Following')\nPuppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file.","references":[{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/91e3b46d2328a1cb"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068053.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068061.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068093.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3870.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3870","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09472","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09512","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09547","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09345","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09344","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09397","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09401","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09452","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09451","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09361","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09435","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09483","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09469","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09496","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09611","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.0954","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.09382","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3870"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3870"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/88512e880bd2a03694b5fef42540dc7b3da05d30"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/b29b1785d543a3cea961fffa9b3c15f14ab7cce0"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-3870.yml"},{"reference_url":"http://www.debian.org/security/2011/dsa-2314","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2314"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1223-2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1223-2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=742644","reference_id":"742644","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=742644"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3870","reference_id":"CVE-2011-3870","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-3870"},{"reference_url":"https://puppet.com/security/cve/cve-2011-3870","reference_id":"CVE-2011-3870","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2011-3870"},{"reference_url":"https://github.com/advisories/GHSA-qh3g-27jf-3j54","reference_id":"GHSA-qh3g-27jf-3j54","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-qh3g-27jf-3j54"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1223-1/","reference_id":"USN-1223-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1223-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2011-3870","GHSA-qh3g-27jf-3j54"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-txx3-3fzg-33cp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44774?format=json","vulnerability_id":"VCID-v9kt-4vxm-ekdw","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-6120.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6120","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12941","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12968","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13059","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13111","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12914","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12994","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13045","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13007","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12923","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12823","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12826","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12924","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12948","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12916","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1281","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1272","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12869","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-6120"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6120"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=908629","reference_id":"908629","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=908629"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_essex:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack_folsom:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6120","reference_id":"CVE-2012-6120","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6120"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-6120"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v9kt-4vxm-ekdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8419?format=json","vulnerability_id":"VCID-vgbw-4yuu-57fz","summary":"Low severity vulnerability that affects puppet\nlib/puppet/defaults.rb in Puppet 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, uses 0644 permissions for last_run_report.yaml, which allows local users to obtain sensitive configuration information by leveraging access to the puppet master server to read this file.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3866","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-3866"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3866","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15659","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15657","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15593","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1552","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15529","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15621","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15564","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15436","published_at":"2026-05-05T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15556","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15674","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15712","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15776","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1558","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15666","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15725","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3866"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839135","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839135"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3866"},{"reference_url":"http://secunia.com/advisories/50014","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50014"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/fd44bf5e6d0d360f6a493d663b653c121fa83c3f"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3866.yml"},{"reference_url":"https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2012-3866-lastrunreportyaml-world-readable"},{"reference_url":"http://www.debian.org/security/2012/dsa-2511","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2511"},{"reference_url":"http://www.ubuntu.com/usn/USN-1506-1","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1506-1"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3866/","reference_id":"CVE-2012-3866","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-3866/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3866","reference_id":"CVE-2012-3866","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3866"},{"reference_url":"https://github.com/advisories/GHSA-8jxj-9r5f-w3m2","reference_id":"GHSA-8jxj-9r5f-w3m2","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-8jxj-9r5f-w3m2"},{"reference_url":"https://usn.ubuntu.com/1506-1/","reference_id":"USN-1506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1506-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-3866","GHSA-8jxj-9r5f-w3m2"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vgbw-4yuu-57fz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47722?format=json","vulnerability_id":"VCID-vrzs-81t1-jyax","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which might allow local attackers to gain escalated privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3872.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3872.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3872","reference_id":"","reference_type":"","scores":[{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.85995","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86006","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86023","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86022","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86051","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86065","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86063","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86058","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86076","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86081","published_at":"2026-04-18T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86073","published_at":"2026-04-21T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86093","published_at":"2026-04-24T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86102","published_at":"2026-04-26T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86103","published_at":"2026-04-29T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86122","published_at":"2026-05-05T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86144","published_at":"2026-05-07T12:55:00Z"},{"value":"0.02778","scoring_system":"epss","scoring_elements":"0.86161","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-3872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3872"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=748447","reference_id":"748447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=748447"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/1238-1/","reference_id":"USN-1238-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1238-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2011-3872"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vrzs-81t1-jyax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/8401?format=json","vulnerability_id":"VCID-wage-71h9-6qay","summary":"Moderate severity vulnerability that affects puppet\nlib/puppet/ssl/certificate_authority.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, does not properly restrict the characters in the Common Name field of a Certificate Signing Request (CSR), which makes it easier for user-assisted remote attackers to trick administrators into signing a crafted agent certificate via ANSI control sequences.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2012-08/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-updates/2012-07/msg00036.html"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3867","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://puppetlabs.com/security/cve/cve-2012-3867"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-3867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3867","reference_id":"","reference_type":"","scores":[{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80707","published_at":"2026-05-09T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80578","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80571","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80599","published_at":"2026-04-16T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80601","published_at":"2026-04-18T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80604","published_at":"2026-04-21T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80629","published_at":"2026-04-24T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80633","published_at":"2026-04-26T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80648","published_at":"2026-04-29T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80666","published_at":"2026-05-05T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80688","published_at":"2026-05-07T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80516","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80522","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80544","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80565","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80575","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01418","scoring_system":"epss","scoring_elements":"0.80592","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3867"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=839158","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=839158"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3867"},{"reference_url":"http://secunia.com/advisories/50014","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/50014"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/dfedaa5fa841ccf335245a748b347b7c7c236640"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/f3419620b42080dad3b0be14470b20a972f13c50"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2012-3867.yml"},{"reference_url":"https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.puppet.com/security/cve/cve-2012-3867-insufficient-input-validation"},{"reference_url":"http://www.debian.org/security/2012/dsa-2511","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2012/dsa-2511"},{"reference_url":"http://www.ubuntu.com/usn/USN-1506-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1506-1"},{"reference_url":"http://puppetlabs.com/security/cve/cve-2012-3867/","reference_id":"CVE-2012-3867","reference_type":"","scores":[],"url":"http://puppetlabs.com/security/cve/cve-2012-3867/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3867","reference_id":"CVE-2012-3867","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3867"},{"reference_url":"https://github.com/advisories/GHSA-q44r-f2hm-v76v","reference_id":"GHSA-q44r-f2hm-v76v","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-q44r-f2hm-v76v"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1506-1/","reference_id":"USN-1506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1506-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-3867","GHSA-q44r-f2hm-v76v"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wage-71h9-6qay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44788?format=json","vulnerability_id":"VCID-wdwr-8m6q-kff5","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-04/msg00056.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0710.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1654.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-1654.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1654","reference_id":"","reference_type":"","scores":[{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64109","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63902","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63961","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63988","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63948","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63998","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64016","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64028","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64014","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.63984","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64019","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64032","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64038","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64051","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64049","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64018","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00458","scoring_system":"epss","scoring_elements":"0.64063","published_at":"2026-05-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-1654"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1654"},{"reference_url":"http://secunia.com/advisories/52596","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/52596"},{"reference_url":"https://puppetlabs.com/security/cve/cve-2013-1654/","reference_id":"","reference_type":"","scores":[],"url":"https://puppetlabs.com/security/cve/cve-2013-1654/"},{"reference_url":"http://ubuntu.com/usn/usn-1759-1","reference_id":"","reference_type":"","scores":[],"url":"http://ubuntu.com/usn/usn-1759-1"},{"reference_url":"http://www.debian.org/security/2013/dsa-2643","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2643"},{"reference_url":"http://www.securityfocus.com/bid/64758","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/64758"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=919770","reference_id":"919770","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=919770"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.0:-:enterprise:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.1:-:enterprise:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:puppet:2.7.20:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet:2.7.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:3.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1654","reference_id":"CVE-2013-1654","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-1654"},{"reference_url":"https://security.gentoo.org/glsa/201308-04","reference_id":"GLSA-201308-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201308-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0710","reference_id":"RHSA-2013:0710","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0710"},{"reference_url":"https://usn.ubuntu.com/1759-1/","reference_id":"USN-1759-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1759-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2013-1654"],"risk_score":2.2,"exploitability":"0.5","weighted_severity":"4.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wdwr-8m6q-kff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58156?format=json","vulnerability_id":"VCID-wkb1-dm1m-67db","summary":"Multiple vulnerabilities have been found in Puppet Agent, the worst\n    of which could result in the execution of arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5714","reference_id":"","reference_type":"","scores":[{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.7725","published_at":"2026-05-09T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77229","published_at":"2026-05-07T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77044","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77049","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77078","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.7706","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77092","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77102","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77109","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77105","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77145","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77147","published_at":"2026-04-18T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77138","published_at":"2026-04-21T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77173","published_at":"2026-04-24T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77179","published_at":"2026-04-26T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.77193","published_at":"2026-04-29T12:55:00Z"},{"value":"0.0101","scoring_system":"epss","scoring_elements":"0.772","published_at":"2026-05-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5714"},{"reference_url":"https://bugs.gentoo.org/597684","reference_id":"","reference_type":"","scores":[],"url":"https://bugs.gentoo.org/597684"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5714","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5714"},{"reference_url":"https://puppet.com/security/cve/cve-2016-5714","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/cve-2016-5714"},{"reference_url":"https://puppet.com/security/cve/pxp-agent-oct-2016","reference_id":"","reference_type":"","scores":[],"url":"https://puppet.com/security/cve/pxp-agent-oct-2016"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_agent:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2015.3.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.1.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise:2016.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5714","reference_id":"CVE-2016-5714","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:P/A:P"},{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5714"},{"reference_url":"https://security.gentoo.org/glsa/201710-12","reference_id":"GLSA-201710-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1052088?format=json","purl":"pkg:deb/debian/puppet@4.8.2-5~bpo8%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-8xgm-pabz-hkeg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@4.8.2-5~bpo8%252B1"}],"aliases":["CVE-2016-5714"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wkb1-dm1m-67db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36740?format=json","vulnerability_id":"VCID-yycs-ny3v-pyeh","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which could lead to execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-1986.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1986","reference_id":"","reference_type":"","scores":[{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.58974","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59049","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59071","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59036","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59087","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59093","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59111","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59075","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.5911","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59115","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59095","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59092","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59079","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59038","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59088","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00374","scoring_system":"epss","scoring_elements":"0.59144","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1986"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=810069","reference_id":"810069","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=810069"},{"reference_url":"https://security.gentoo.org/glsa/201208-02","reference_id":"GLSA-201208-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201208-02"},{"reference_url":"https://access.redhat.com/errata/RHSA-2012:1542","reference_id":"RHSA-2012:1542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2012:1542"},{"reference_url":"https://usn.ubuntu.com/1419-1/","reference_id":"USN-1419-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1419-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572282?format=json","purl":"pkg:deb/debian/puppet@2.7.23-1~deb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-wkb1-dm1m-67db"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.7.23-1~deb7u3"}],"aliases":["CVE-2012-1986"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yycs-ny3v-pyeh"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15783?format=json","vulnerability_id":"VCID-5qhd-8wfe-27dy","summary":"Puppet does not properly restrict access to node resources\nPuppet 2.6.0 through 2.6.3 does not properly restrict access to node resources, which allows remote authenticated Puppet nodes to read or modify the resources of other nodes via unspecified vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-0528.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0528","reference_id":"","reference_type":"","scores":[{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49984","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50047","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.5002","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50016","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50062","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50064","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50036","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50024","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49898","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49954","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49966","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50003","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50031","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.49982","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50037","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00265","scoring_system":"epss","scoring_elements":"0.50029","published_at":"2026-04-26T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-0528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0528"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/eee1a9cdaa5cab6222c8e6ab087d319f976fa4e3"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2011-0528.yml"},{"reference_url":"http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mail-archive.com/puppet-users%40googlegroups.com/msg16429.html"},{"reference_url":"http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mail-archive.com/puppet-users@googlegroups.com/msg16429.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/01/27/6","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/01/27/6"},{"reference_url":"http://www.openwall.com/lists/oss-security/2011/01/31/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2011/01/31/5"},{"reference_url":"http://www.ubuntu.com/usn/USN-1365-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1365-1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0528","reference_id":"CVE-2011-0528","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-0528"},{"reference_url":"https://github.com/advisories/GHSA-9pvx-fwwh-w289","reference_id":"GHSA-9pvx-fwwh-w289","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-9pvx-fwwh-w289"},{"reference_url":"https://usn.ubuntu.com/1365-1/","reference_id":"USN-1365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1365-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572280?format=json","purl":"pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-2jc8-n1j4-m7c6"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-3zzj-krc5-skea"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-72s2-y7m6-kuf6"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-75gs-2gu3-6udx"},{"vulnerability":"VCID-7jtp-a1nw-bqfs"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-a7cn-eqbq-qyb1"},{"vulnerability":"VCID-b94j-dcjk-eqeu"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fdk4-8wtn-nqct"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-h88b-abes-3bgr"},{"vulnerability":"VCID-jhkk-5euf-uked"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-kt2h-k72f-tqc7"},{"vulnerability":"VCID-nf2h-5vd2-6kb1"},{"vulnerability":"VCID-pdpa-qfpq-zkcq"},{"vulnerability":"VCID-pgg8-9sk2-57ee"},{"vulnerability":"VCID-rfcx-7kc9-mbcr"},{"vulnerability":"VCID-rrky-upea-nfd4"},{"vulnerability":"VCID-sweb-hbec-k3ha"},{"vulnerability":"VCID-tetf-xa1u-uffv"},{"vulnerability":"VCID-txx3-3fzg-33cp"},{"vulnerability":"VCID-v9kt-4vxm-ekdw"},{"vulnerability":"VCID-vgbw-4yuu-57fz"},{"vulnerability":"VCID-vrzs-81t1-jyax"},{"vulnerability":"VCID-wage-71h9-6qay"},{"vulnerability":"VCID-wdwr-8m6q-kff5"},{"vulnerability":"VCID-wkb1-dm1m-67db"},{"vulnerability":"VCID-yycs-ny3v-pyeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9"}],"aliases":["CVE-2011-0528","GHSA-9pvx-fwwh-w289"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5qhd-8wfe-27dy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47720?format=json","vulnerability_id":"VCID-absc-ndrs-yqep","summary":"Multiple vulnerabilities have been found in Puppet, the worst of\n    which might allow local attackers to gain escalated privileges.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3564.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3564.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3564","reference_id":"","reference_type":"","scores":[{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16703","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16872","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16929","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16712","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16798","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16853","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.1683","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16786","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16727","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16664","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16671","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16708","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16613","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16603","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16568","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16434","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16553","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00053","scoring_system":"epss","scoring_elements":"0.16658","published_at":"2026-05-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3564"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3564","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3564"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=475201","reference_id":"475201","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=475201"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551073","reference_id":"551073","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=551073"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/917-1/","reference_id":"USN-917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/917-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572280?format=json","purl":"pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-2jc8-n1j4-m7c6"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-3zzj-krc5-skea"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-72s2-y7m6-kuf6"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-75gs-2gu3-6udx"},{"vulnerability":"VCID-7jtp-a1nw-bqfs"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-a7cn-eqbq-qyb1"},{"vulnerability":"VCID-b94j-dcjk-eqeu"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fdk4-8wtn-nqct"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-h88b-abes-3bgr"},{"vulnerability":"VCID-jhkk-5euf-uked"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-kt2h-k72f-tqc7"},{"vulnerability":"VCID-nf2h-5vd2-6kb1"},{"vulnerability":"VCID-pdpa-qfpq-zkcq"},{"vulnerability":"VCID-pgg8-9sk2-57ee"},{"vulnerability":"VCID-rfcx-7kc9-mbcr"},{"vulnerability":"VCID-rrky-upea-nfd4"},{"vulnerability":"VCID-sweb-hbec-k3ha"},{"vulnerability":"VCID-tetf-xa1u-uffv"},{"vulnerability":"VCID-txx3-3fzg-33cp"},{"vulnerability":"VCID-v9kt-4vxm-ekdw"},{"vulnerability":"VCID-vgbw-4yuu-57fz"},{"vulnerability":"VCID-vrzs-81t1-jyax"},{"vulnerability":"VCID-wage-71h9-6qay"},{"vulnerability":"VCID-wdwr-8m6q-kff5"},{"vulnerability":"VCID-wkb1-dm1m-67db"},{"vulnerability":"VCID-yycs-ny3v-pyeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9"}],"aliases":["CVE-2009-3564"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-absc-ndrs-yqep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14212?format=json","vulnerability_id":"VCID-ww8x-tzxr-4qbn","summary":"Improper Link Resolution Before File Access ('Link Following')\nPuppet 0.24.x before 0.24.9 and 0.25.x before 0.25.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/daemonout, (2) /tmp/puppetdoc.txt, (3) /tmp/puppetdoc.tex, or (4) /tmp/puppetdoc.aux temporary file.","references":[{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/4401823f6cbf6087"},{"reference_url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://groups.google.com/group/puppet-announce/browse_thread/thread/73cd1b2896d986c2"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036083.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036166.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0156","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12756","published_at":"2026-05-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1275","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12653","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1266","published_at":"2026-04-18T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1277","published_at":"2026-04-21T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.1279","published_at":"2026-04-24T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12753","published_at":"2026-04-26T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12645","published_at":"2026-04-29T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12552","published_at":"2026-05-05T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12687","published_at":"2026-05-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12785","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12883","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12933","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12736","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12816","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12867","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12833","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.12795","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2010-0156"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=502881","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=502881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0156"},{"reference_url":"https://github.com/puppetlabs/puppet","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/0aae57f91dc69b22fb674f8de3a13c22edd07128"},{"reference_url":"https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/puppetlabs/puppet/commit/6111ba80f2c6f6d1541af971f565119e6e03d77d"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/puppet/CVE-2010-0156.yml"},{"reference_url":"https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766","reference_id":"","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://web.archive.org/web/20100316113904/http://secunia.com/advisories/38766"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0156","reference_id":"CVE-2010-0156","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-0156"},{"reference_url":"https://puppet.com/security/cve/cve-2010-0156","reference_id":"CVE-2010-0156","reference_type":"","scores":[{"value":"LOW","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://puppet.com/security/cve/cve-2010-0156"},{"reference_url":"https://github.com/advisories/GHSA-vrh7-99jh-3fmm","reference_id":"GHSA-vrh7-99jh-3fmm","reference_type":"","scores":[{"value":"LOW","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-vrh7-99jh-3fmm"},{"reference_url":"https://security.gentoo.org/glsa/201203-03","reference_id":"GLSA-201203-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-03"},{"reference_url":"https://usn.ubuntu.com/917-1/","reference_id":"USN-917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/917-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572280?format=json","purl":"pkg:deb/debian/puppet@2.6.2-5%2Bsqueeze9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-18aq-72zg-3uc9"},{"vulnerability":"VCID-2jc8-n1j4-m7c6"},{"vulnerability":"VCID-3kma-3ffw-8qd9"},{"vulnerability":"VCID-3zzj-krc5-skea"},{"vulnerability":"VCID-5g6u-uvej-xbad"},{"vulnerability":"VCID-72s2-y7m6-kuf6"},{"vulnerability":"VCID-73uh-2gkm-6kgy"},{"vulnerability":"VCID-75gs-2gu3-6udx"},{"vulnerability":"VCID-7jtp-a1nw-bqfs"},{"vulnerability":"VCID-7ypq-wmb7-quhc"},{"vulnerability":"VCID-8xgm-pabz-hkeg"},{"vulnerability":"VCID-a7cn-eqbq-qyb1"},{"vulnerability":"VCID-b94j-dcjk-eqeu"},{"vulnerability":"VCID-bt3p-h1js-53gg"},{"vulnerability":"VCID-fdk4-8wtn-nqct"},{"vulnerability":"VCID-fjbx-bqnn-2bf3"},{"vulnerability":"VCID-h88b-abes-3bgr"},{"vulnerability":"VCID-jhkk-5euf-uked"},{"vulnerability":"VCID-kkve-dj7r-gue1"},{"vulnerability":"VCID-kt2h-k72f-tqc7"},{"vulnerability":"VCID-nf2h-5vd2-6kb1"},{"vulnerability":"VCID-pdpa-qfpq-zkcq"},{"vulnerability":"VCID-pgg8-9sk2-57ee"},{"vulnerability":"VCID-rfcx-7kc9-mbcr"},{"vulnerability":"VCID-rrky-upea-nfd4"},{"vulnerability":"VCID-sweb-hbec-k3ha"},{"vulnerability":"VCID-tetf-xa1u-uffv"},{"vulnerability":"VCID-txx3-3fzg-33cp"},{"vulnerability":"VCID-v9kt-4vxm-ekdw"},{"vulnerability":"VCID-vgbw-4yuu-57fz"},{"vulnerability":"VCID-vrzs-81t1-jyax"},{"vulnerability":"VCID-wage-71h9-6qay"},{"vulnerability":"VCID-wdwr-8m6q-kff5"},{"vulnerability":"VCID-wkb1-dm1m-67db"},{"vulnerability":"VCID-yycs-ny3v-pyeh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9"}],"aliases":["CVE-2010-0156","GHSA-vrh7-99jh-3fmm"],"risk_score":1.4,"exploitability":"0.5","weighted_severity":"2.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ww8x-tzxr-4qbn"}],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/puppet@2.6.2-5%252Bsqueeze9"}